Advanced: Using SSH keys

If you do not want to type in a password every time you log in into a machine an ssh key can be used as an alternative identification method. Such a key must still be protected by a password to prevent other people from using it, but a key manager can be used to prevent you from typing in this password multiple times.

Creating the key

In order to create an ssh key the following command must be run:

 ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519

This command can be run from a Linux terminal, an OS X terminal, or within MobaXterm, and it has to be run on your local machine (i.e. not on Hábrók!).

After you have executed the command you will be presented with the following dialog:

Generating public/private ed25519 key pair.

The default location (~/.ssh/id_ed25519) should normally be fine. You will be asked for the passprhase. You have to give it twice to prevent typing mistakes.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Now the key will be generated.

Your identification has been saved in ~/.ssh/id_ed25519
Your public key has been saved in ~/.ssh/id_25519.pub
The key fingerprint is:
SHA256:w2HD3c+ax12jfOfr518emhTT42216RURnEbJbbIDxnQ yourname@yoursystem
The key's randomart image is:
+--[ED25519 256]--+
|           o. Eo+|
|       . . .+..*+|
|        = .....= |
|       o o   o+ .|
|        S    oo*o|
|         .  .+=.X|
|            o+o*B|
|            ..=+*|
|             o.=O|
+----[SHA256]-----+

Using the key

In order to use the key for logging in into Hábrók the public part of the key has to be copied to the list of authorized keys in your Hábrók account. This can be achieved in the following way.

Copy the public key to Hábrók using scp:

scp .ssh/id_ed25519.pub p12345@login1.hb.hpc.rug.nl:desktop_key.pub

Note that you have to adjust your username. You will be asked for your password, after which the file will be copied.

p12345@habrok.hpc.rug.nl's password:
Restoring modules to user's default
id_ed25519.pub                                    100%  396     0.4KB/s   00:00

The contents of this file has to be added to a file called authorized_keys in a directory named .ssh in your home directory. You have to create the directory .ssh if it is not there yet. On Hábrók the following actions have to be taken.

  1. Create the directory if it is not there:
mkdir .ssh
  1. Set the correct permissions on the directory
chmod go-rwx .ssh
  1. Copy the contents of the public ssh key (copied to desktop_key.pub) to the file authorized_keys
cat desktop_key.pub >> .ssh/authorized_keys
  1. Set correct permissions on the file authorized_keys
chmod go-w .ssh/authorized_keys

After setting this up in the way described you should be able to log in without having to enter a password multiple times. The key manager should ask for your key password only once.

For this to work correctly in MobaXterm the use private key option must be enabled. By default it will use the correct location of the id_ed25519 file.
You can find this option by left clicking on your session, choose Edit session, then select SSH and finally Advanced SSH settings: